Predictable Sequence ID Vulnerability in Net::DNS by Perl
CVE-2007-3377

Currently unrated

Key Information:

Vendor: Nlnet Labs
Status: Net Dns
Vendor: CVE Published:; 25 June 2007

What is CVE-2007-3377?

The vulnerability in Net::DNS stems from its Header.pm module, which generates predictable sequence IDs, enabling potential DNS spoofing attacks. Attackers can exploit this weakness to intercept or alter DNS responses, leading to a significant security risk. This issue particularly affects forking servers where the same starting ID can be utilized across multiple child processes, making it easier for attackers to forge responses and mislead users regarding domain authenticity.

References

http://secunia.com/advisories/26231

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/26417

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/29354

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2007
Vulnerability Reserved
Jun 25, 2007

CVE-2007-3377 Data

JSON

Nlnet Labs

What is CVE-2007-3377?

References

Timeline